CN110289958A - Internet of Vehicles identity authentication method and system - Google Patents


Info

Publication number: CN110289958A
Authority: CN (China)
Prior art keywords: vehicle identification, vehicle, certification request, authenticating device, feedback information
Legal status: Granted (currently active)
Application number: CN201910648142.1A
Other languages: Chinese (zh)
Other versions: CN110289958B (en)
Inventors: 武宗品, 李鑫, 李刚, 张嵩, 孙晓鹏, 彭金辉, 周吉祥, 李铭乐, 唐会增, 李盈青, 卫志刚, 张永强
Current assignee: Zhengzhou Xinda Jiean Information Technology Co Ltd
Original assignee: Zhengzhou Xinda Jiean Information Technology Co Ltd

Application filed by Zhengzhou Xinda Jiean Information Technology Co Ltd
Priority to CN201910648142.1A
Publication of CN110289958A
Application granted
Publication of CN110289958B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/0897 Escrow, recovery or storing of secret information involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Verification of identity or authority using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231 Biological data, e.g. fingerprint, voice or retina
    • H04L9/3234 Verification of identity or authority involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • H04L9/3247 Verification of identity or authority involving digital signatures
    • H04L9/3249 Digital signatures using RSA or related signature schemes, e.g. Rabin scheme
    • H04L9/3252 Digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • Medical Informatics (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Biodiversity & Conservation Biology (AREA)
  • Biomedical Technology (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention provides an identity authentication method and system for the Internet of Vehicles. The system consists of an application server, a vehicle identity authentication server, a vehicle identity authentication device and an intelligent terminal carrying an Internet of Vehicles application client. The vehicle identity authentication device communicates securely only with the identity authentication server, and the identity authentication server acts as the bridge through which the vehicle identity authentication device communicates with the application server and the Internet of Vehicles application client, so that vehicle identity authentication is realized in the various application scenarios of the Internet of Vehicles. During authentication, the security of identity authentication is ensured by encryption, decryption and digital signatures, giving the identity authentication high security. The Internet of Vehicles identity authentication method and system suit the complex application environment of the Internet of Vehicles, are highly universal, and can provide a security guarantee for vehicles in the Internet of Vehicles as the subject of multiple functions such as traffic, communication, finance and social contact.

Description

Internet of Vehicles identity authentication method and system
Technical field:
The present invention relates to the fields of information security and identity authentication technology, and in particular to an Internet of Vehicles identity authentication method and system.
Background art:
With the rapid development of network communication technology, electronic information technology and automobile manufacturing technology, the Internet of Vehicles (intelligent connected vehicle) industry in China has developed greatly. The Internet of Vehicles connects people, vehicles and roads; it is oriented toward vehicle communication, realizes V2X interconnection, and is a typical application of Internet of Things technology. The Internet of Vehicles lets vehicle users enjoy a variety of convenient and efficient interconnected services anytime and anywhere, but it also produces a series of security problems. For example, certain attack methods may achieve remote control of a vehicle, theft of user data or leakage of user privacy, seriously threatening users' lives, property and privacy. The various Internet of Vehicles security incidents of recent years have drawn widespread public attention to Internet of Vehicles security.
The vehicle is the main body and core of the Internet of Vehicles, and the security of vehicle identity authentication is an important aspect of guaranteeing Internet of Vehicles security. The Internet of Vehicles is a wireless ad hoc network whose topology is highly dynamic and whose communication scenarios are diverse, involving people, vehicles, roads and the cloud. The application scenarios of Internet of Vehicles authentication are complex and varied and place relatively high requirements on security, so a universal secure identity authentication scheme that copes with this complex application environment is urgently needed. Existing Internet of Vehicles identity authentication schemes, however, are mostly designed for specific application scenarios, such as between vehicles, between a vehicle and a user, or between a vehicle and a back-end server or traffic control system; they do not achieve universality and cannot satisfy the diversified needs of future Internet of Vehicles services.
Summary of the invention:
The purpose of the present invention is to meet the Internet of Vehicles' need for a universal identity authentication scheme that suits its complex application environment and has high security, by providing an Internet of Vehicles identity authentication method and system that allow users to connect securely to and use all kinds of Internet of Vehicles applications and to enjoy the convenient services of the Internet of Vehicles with confidence.
To achieve the above goal, the technical solution of the present invention provides an Internet of Vehicles identity authentication method. The method is based on a system composed of an application server, a vehicle identity authentication server, a vehicle identity authentication device and an intelligent terminal carrying an Internet of Vehicles application client, and comprises a registration phase and an authentication phase:
Registration phase
The information of the application server is registered in the vehicle identity authentication server; the vehicle identity information is registered in the vehicle identity authentication device; the information of the vehicle identity authentication device is bound to the vehicle identity information, and the bound information is registered in the vehicle identity authentication server; the vehicle identity authentication device is installed in the corresponding vehicle;
Authentication phase
S1. The Internet of Vehicles application client on the intelligent terminal sends a first authentication request to the application server, the first authentication request containing the vehicle identity information;
S2. The application server receives the first authentication request and checks it. If the check passes, the application server generates a second authentication request from the first authentication request, the second authentication request containing the vehicle identity information; the application server signs the second authentication request with its signature private key, sends it to the vehicle identity authentication server, and step S3 follows. If the check fails, the application server generates a first feedback message stating that the first authentication request failed the check, sends it to the Internet of Vehicles application client, and step S7 follows;
S3. The vehicle identity authentication server receives the second authentication request and verifies its signature with the verification public key of the application server. If verification succeeds, the vehicle identity authentication server generates a third authentication request from the second authentication request, encrypts it, sends it to the vehicle identity authentication device bound to the vehicle identity information, and step S4 follows. If verification fails, the vehicle identity authentication server generates a second feedback message stating that signature verification of the second authentication request failed, signs it with the signature private key of the vehicle identity authentication server, sends it to the application server, and step S6 follows;
S4. The vehicle identity authentication device receives the third authentication request ciphertext, decrypts it and performs authentication. If authentication succeeds, it generates a third feedback message stating that vehicle identity authentication succeeded; if authentication fails, it generates a third feedback message stating that vehicle identity authentication failed. The vehicle identity authentication device encrypts the third feedback message and sends it to the vehicle identity authentication server;
S5. The vehicle identity authentication server receives the third feedback message ciphertext, decrypts it, generates a second feedback message from the third feedback message, signs it with the signature private key of the vehicle identity authentication server and sends it to the application server;
S6. The application server receives the second feedback message and verifies its signature with the verification public key of the vehicle identity authentication server. If verification succeeds, it generates a first feedback message from the second feedback message; if verification fails, it generates a first feedback message stating that signature verification of the second feedback message failed. The application server sends the first feedback message to the Internet of Vehicles application client;
S7. The Internet of Vehicles application client receives the first feedback message, and this authentication process ends.
On the basis of the above, an authentication rule is preset in the vehicle identity authentication device; in step S4, the authentication comprises the vehicle identity authentication device determining, according to the preset authentication rule, whether authentication succeeds.
On the basis of the above, the authentication performed in step S4 further includes a step in which the user confirms the third authentication request:
After the vehicle identity authentication device determines that authentication succeeded, it prompts the user to confirm the information of the third authentication request. After the user performs the confirmation operation, the vehicle identity authentication device generates the third feedback message stating that vehicle identity authentication succeeded. If authentication fails, or the user does not confirm the information of the third authentication request, the vehicle identity authentication device generates the third feedback message stating that vehicle identity authentication failed.
On the basis of the above, in the registration phase the user's information is registered in the vehicle identity authentication device and a user identity verification mode is set. When the user performs the confirmation operation in step S4, the user's identity is first verified according to the user identity verification mode, and the confirmation is performed only after identity verification passes.
On the basis of the above, the user identity verification mode includes the user entering a preset password and/or an identity verification mode based on biometric recognition.
On the basis of the above, registering the information of the application server in the vehicle identity authentication server in the registration phase comprises: registering the information of the application server in the vehicle identity authentication server; storing the verification public key of the application server in the vehicle identity authentication server, while the signature private key of the application server is securely stored in the application server; and storing the verification public key of the vehicle identity authentication server in the application server, while the signature private key of the vehicle identity authentication server is securely stored in the vehicle identity authentication server.
On the basis of the above, binding the information of the vehicle identity authentication device to the vehicle identity information and registering the bound information in the vehicle identity authentication server in the registration phase comprises: storing the information of the vehicle identity authentication device and the vehicle identity information in one-to-one correspondence in the vehicle identity authentication server; and storing the encryption public key of the vehicle identity authentication device in the vehicle identity authentication server, while the decryption private key of the vehicle identity authentication device is securely stored in the vehicle identity authentication device.
On the basis of the above, in step S3, the vehicle identity authentication server generating a third authentication request from the second authentication request and sending it, after encryption, to the vehicle identity authentication device bound to the vehicle identity information comprises:
the vehicle identity authentication server generates the content of the third authentication request from the content of the second authentication request; the vehicle identity authentication server generates a session key, encrypts the content of the third authentication request with the session key, then encrypts the session key with the encryption public key of the vehicle identity authentication device bound to the vehicle identity information, and sends it together with the ciphertext of the third authentication request content to the vehicle identity authentication device;
in step S4, the vehicle identity authentication device receiving the third authentication request ciphertext and performing authentication after decryption comprises: the vehicle identity authentication device receives the third authentication request ciphertext, decrypts the session key ciphertext with its own decryption private key, then decrypts the ciphertext of the third authentication request content with the recovered session key, and then performs authentication; the vehicle identity authentication device encrypting the third feedback message and sending it to the vehicle identity authentication server comprises: the vehicle identity authentication device encrypts the third feedback message with the session key and sends it to the vehicle identity authentication server;
in step S5, the vehicle identity authentication server receiving the third feedback message ciphertext and generating a second feedback message from the third feedback message after decryption comprises: the vehicle identity authentication server receives the third feedback message ciphertext, decrypts it with the session key, and generates the second feedback message from the third feedback message.
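One pass of steps S2 to S6, in the embodiment just described where the identity authentication server generates the session key and wraps it with the bound device's encryption public key, as an added Go example that is not part of the patent. The patent fixes no algorithms, so ECDSA P-256 over SHA-256 for the server signatures, RSA-OAEP for the key wrap, AES-256-GCM as the session cipher, the `REQ2|`/`REQ3|` message formats, the device's preset rule (the request must name the vehicle registered in the device) and the sample vehicle identity are all assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)
// Key placement after the registration phase: each party holds only its own private key.
type AppServer struct {
	signKey *ecdsa.PrivateKey
	idsPub  *ecdsa.PublicKey // verification public key of the identity authentication server
	valid   map[string]bool  // list of effective vehicle identity information, checked in S2
}
type IdentityServer struct {
	signKey *ecdsa.PrivateKey
	appPub  *ecdsa.PublicKey          // verification public key of the application server
	devPub  map[string]*rsa.PublicKey // vehicle identity -> encryption public key of the bound device
}
type Device struct {
	decKey  *rsa.PrivateKey
	vehicle string // vehicle identity information registered in this device
}
// must aborts on crypto-API misuse; protocol-level failures are returned as feedback text instead.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
func digest(m []byte) []byte { h := sha256.Sum256(m); return h[:] }
func sign(k *ecdsa.PrivateKey, m []byte) ([]byte, error) { return ecdsa.SignASN1(rand.Reader, k, digest(m)) }
func verify(p *ecdsa.PublicKey, m, sig []byte) bool    { return ecdsa.VerifyASN1(p, digest(m), sig) }
// Session-key encryption is AES-256-GCM (an assumption); the nonce travels in front of the ciphertext.
func aead(key []byte) cipher.AEAD { return must(cipher.NewGCM(must(aes.NewCipher(key)))) }
func seal(key, pt []byte) []byte {
	a := aead(key)
	nonce := make([]byte, a.NonceSize())
	rand.Read(nonce) // crypto/rand does not fail on supported platforms
	return a.Seal(nonce, nonce, pt, nil)
}
func open(key, ct []byte) ([]byte, error) {
	a := aead(key)
	if len(ct) < a.NonceSize() {
		return nil, errors.New("truncated ciphertext")
	}
	return a.Open(nil, ct[:a.NonceSize()], ct[a.NonceSize():], nil)
}
// Register runs the registration phase for one vehicle: servers exchange verification keys, device key is bound.
func Register(vehicle string) (*AppServer, *IdentityServer, *Device) {
	appKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	idsKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	devKey := must(rsa.GenerateKey(rand.Reader, 2048))
	app := &AppServer{appKey, &idsKey.PublicKey, map[string]bool{vehicle: true}}
	ids := &IdentityServer{idsKey, &appKey.PublicKey, map[string]*rsa.PublicKey{vehicle: &devKey.PublicKey}}
	return app, ids, &Device{devKey, vehicle}
}

// Authenticate runs S2 to S6 for a first request naming `vehicle` and returns the first feedback text of S7.
func Authenticate(app *AppServer, ids *IdentityServer, dev *Device, vehicle string) string {
	// S2: check against the effective vehicle list, then sign the second authentication request.
	if !app.valid[vehicle] {
		return "first authentication request failed the check"
	}
	req2 := []byte("REQ2|" + vehicle)
	sig2 := must(sign(app.signKey, req2))
	// S3: verify the signature, then send the third request under a fresh session key wrapped for the device.
	if !verify(ids.appPub, req2, sig2) {
		return "signature verification of the second authentication request failed"
	}
	devPub, ok := ids.devPub[vehicle]
	if !ok {
		return "no authentication device bound to this vehicle identity"
	}
	sk := make([]byte, 32)
	rand.Read(sk)
	req3 := seal(sk, []byte("REQ3|"+vehicle))
	wrapped := must(rsa.EncryptOAEP(sha256.New(), rand.Reader, devPub, sk, nil))
	// S4: device unwraps the session key, decrypts, and applies its preset rule (the request must name its vehicle).
	devSK := must(rsa.DecryptOAEP(sha256.New(), nil, dev.decKey, wrapped, nil))
	pt, err := open(devSK, req3)
	verdict := "vehicle identity authentication failed"
	if err == nil && string(pt) == "REQ3|"+dev.vehicle {
		verdict = "vehicle identity authentication succeeded"
	}
	fb3 := seal(devSK, []byte(verdict))
	// S5: identity server decrypts the third feedback message and signs the second feedback message.
	fb2 := must(open(sk, fb3))
	sigFb := must(sign(ids.signKey, fb2))
	// S6: application server verifies the identity server's signature before forming the first feedback.
	if !verify(app.idsPub, fb2, sigFb) {
		return "signature verification of the second feedback message failed"
	}
	return string(fb2)
}
```

Each failure path (unknown vehicle in S2, unbound vehicle in S3, a device registered to another vehicle in S4, a bad signature in S3 or S6) is reported back as the feedback text rather than an error, matching the step structure above.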
On the basis of the above, in step S3, the vehicle identity authentication server generating a third authentication request from the second authentication request and sending it, after encryption, to the vehicle identity authentication device bound to the vehicle identity information comprises:
the vehicle identity authentication server generates the content of the third authentication request from the content of the second authentication request; the vehicle identity authentication device generates an authentication request inquiry message and a session key, encrypts the content of the authentication request inquiry message with the session key, then encrypts the session key with the encryption public key of the vehicle identity authentication device, and sends it together with the authentication request inquiry message ciphertext to the vehicle identity authentication server; the vehicle identity authentication server receives the authentication request inquiry message ciphertext, decrypts the session key ciphertext with its own decryption private key, then decrypts the authentication request inquiry message ciphertext with the recovered session key, checks the decrypted authentication request inquiry message, and, if the check passes, encrypts the third authentication request with the session key and sends it to the vehicle identity authentication device;
in step S4, the vehicle identity authentication device receiving the third authentication request ciphertext and performing authentication after decryption comprises: the vehicle identity authentication device receives the third authentication request ciphertext, decrypts it with the session key and then performs authentication; the vehicle identity authentication device encrypting the third feedback message and sending it to the vehicle identity authentication server comprises: the vehicle identity authentication device encrypts the third feedback message with the session key and sends it to the vehicle identity authentication server;
in step S5, the vehicle identity authentication server receiving the third feedback message ciphertext and generating a second feedback message from the third feedback message after decryption comprises: the vehicle identity authentication server receives the third feedback message ciphertext, decrypts it with the session key, and generates the second feedback message from the third feedback message.
On the basis of the above, binding the information of the vehicle identity authentication device to the vehicle identity information and registering the bound information in the vehicle identity authentication server in the registration phase comprises: storing the information of the vehicle identity authentication device and the vehicle identity information in one-to-one correspondence in the vehicle identity authentication server; and securely storing a session key shared between the vehicle identity authentication server and the vehicle identity authentication device in both the vehicle identity authentication server and the vehicle identity authentication device, the session key being used to encrypt and decrypt the communication content between the vehicle identity authentication server and the vehicle identity authentication device so as to achieve confidential communication.
On the basis of the above, the application server includes a first security module for generating and/or storing keys and performing cryptographic operations; the vehicle identity authentication server includes a second security module for generating and/or storing keys, storing the bound vehicle identity authentication device information and vehicle identity information, and performing cryptographic operations; the vehicle identity authentication device includes a third security module for generating and/or storing keys, storing the vehicle identity information bound to the vehicle identity authentication device, and performing cryptographic operations.
On the basis of the above, the first security module, the second security module and the third security module are each provided with a security chip having secure storage and cryptographic operation functions.
On the basis of the above, a list of effective vehicle identity information is stored in the application server; in step S2, the application server checking the first authentication request comprises the application server checking whether the vehicle identity information contained in the first authentication request is in the list of effective vehicle identity information.
On the basis of the above, the vehicle identity information includes one or more of a license plate number, a vehicle identification number and an engine number.
The technical solution of the present invention also provides an Internet of Vehicles identity authentication system, the system comprising an intelligent terminal, an application server, a vehicle identity authentication server and a vehicle identity authentication device; the intelligent terminal is communicatively connected to the application server, the application server is communicatively connected to the vehicle identity authentication server, and the vehicle identity authentication server is communicatively connected to the vehicle identity authentication device;
The information of the application server is registered in the vehicle identity authentication server; the vehicle identity information is registered in the vehicle identity authentication device; the information of the vehicle identity authentication device is bound to the vehicle identity information, and the bound information is registered in the vehicle identity authentication server; the vehicle identity authentication device is placed in the corresponding vehicle;
The intelligent terminal has an Internet of Vehicles application client; the Internet of Vehicles application client sends a first authentication request to the application server and receives the first feedback information sent by the application server, where the first authentication request contains the vehicle identity information;
The application server comprises a first security module, in which the signature private key of the application server and the verification public key of the vehicle identity authentication server are stored;
When the application server receives the first authentication request sent by the Internet of Vehicles application client, it checks the first authentication request; if the check passes, it generates a second authentication request from the first authentication request, signs it through the first security module using the signature private key of the application server, and then sends it to the vehicle identity authentication server; if the check fails, it generates first feedback information containing a message that the first authentication request failed the check, and sends it to the Internet of Vehicles application client;
When the application server receives the second feedback information sent by the vehicle identity authentication server, it verifies the signature on the second feedback information through the first security module using the verification public key of the vehicle identity authentication server; if the verification succeeds, it generates first feedback information from the second feedback information; if the verification fails, it generates first feedback information containing a message that verification of the second feedback information failed; the application server then sends the first feedback information to the Internet of Vehicles application client;
The vehicle identity authentication server comprises a second security module, in which the signature private key of the vehicle identity authentication server and the verification public key of the application server are stored;
When the vehicle identity authentication server receives the second authentication request sent by the application server, it verifies the signature on the second authentication request through the second security module using the verification public key of the application server; if the verification succeeds, it generates a third authentication request from the second authentication request, encrypts the third authentication request through the second security module and sends it to the vehicle identity authentication device bound to the vehicle identity information; if the verification fails, it generates second feedback information containing a message that verification of the second authentication request failed, signs the second feedback information through the second security module using the signature private key of the vehicle identity authentication server, and sends it to the application server;
When the vehicle identity authentication server receives the third feedback information ciphertext sent by the vehicle identity authentication device, it decrypts the third feedback information ciphertext through the second security module, generates second feedback information from the third feedback information, signs the second feedback information through the second security module using the signature private key of the vehicle identity authentication server, and sends it to the application server;
The vehicle identity authentication device comprises a third security module; when the vehicle identity authentication device receives the third authentication request sent by the vehicle identity authentication server, it decrypts the third authentication request ciphertext through the third security module, performs authentication, and generates third feedback information from the authentication result; the vehicle identity authentication device encrypts the third feedback information through the third security module and sends it to the vehicle identity authentication server.
Based on the above, either the second security module and the third security module each hold the session key shared between the vehicle identity authentication server and the vehicle identity authentication device; or the third security module holds the decryption private key of the vehicle identity authentication device and the second security module holds the encryption public key of the vehicle identity authentication device, in which case the vehicle identity authentication server generates a session key through the second security module, encrypts the session key with the encryption public key of the vehicle identity authentication device and sends it to the vehicle identity authentication device, and the vehicle identity authentication device decrypts the session key ciphertext through the third security module using its decryption private key to obtain the session key; the vehicle identity authentication server and the vehicle identity authentication device then communicate confidentially using the session key.
Based on the above, the vehicle identity authentication device further comprises an output module and an input module; the output module is used to output the information of the third authentication request and/or to prompt the user to confirm; the user performs the confirmation operation through the input module.
Based on the above, the vehicle identity authentication device further comprises a user authentication module; the user verifies his or her identity through the user authentication module by entering a preset password and/or by biometric recognition, and then performs the confirmation operation through the input module.
The technical solution of the present invention performs vehicle identity authentication through a vehicle identity authentication device bound to the vehicle identity information, and applies to all types of applications involving vehicle identity and to all kinds of intelligent terminals. Compared with identity authentication schemes in the prior art, the authentication of the technical solution of the present invention has the advantages of broad applicability and high security.
Compared with the prior art, the present invention has prominent substantive features and represents significant progress, specifically:
1. The vehicle identity authentication device in the technical solution of the present invention is independent of the in-vehicle terminal and communicates securely only with the authentication server; the authentication server acts as the bridge between the vehicle identity authentication device on one side and the application server and Internet of Vehicles application client on the other, so that vehicle identity authentication in the various application scenarios of the Internet of Vehicles is realized through the authentication server. During authentication, the security of the process is guaranteed by encryption, decryption and digital signatures; the vehicle identity authentication device can be physically isolated from the intelligent terminal that hosts the Internet of Vehicles application client, and the communication path passes through the authentication server with cryptographic protection on each hop, giving multi-layer security protection and therefore very high security.
2. In the technical solution of the present invention, the association between the vehicle identity authentication device and the vehicle identity information is invisible to both the Internet of Vehicles application client and the application server; even if the intelligent terminal or the application server is attacked, the security of vehicle identity authentication is still well protected, which suits the complex application environment of the Internet of Vehicles.
3. The technical solution of the present invention applies to all kinds of vehicle identity authentication initiated by Internet of Vehicles application clients on in-vehicle terminals, roadside terminals, users' mobile terminals and other intelligent terminals; it has a wide range of uses and broad applicability, and can provide security assurance for the vehicle as the subject of functions such as transportation, communication, finance and social interaction in the Internet of Vehicles.
Description of the drawings:
Fig. 1 is a schematic diagram of an Internet of Vehicles identity authentication method according to an embodiment of the present invention.
Fig. 2 is a schematic diagram of an Internet of Vehicles identity authentication system according to another embodiment of the present invention.
Detailed description of the embodiments:
Embodiment 1
An embodiment of the present invention provides an Internet of Vehicles identity authentication method. The method is based on a system composed of an application server, a vehicle identity authentication server, a vehicle identity authentication device and an intelligent terminal with an Internet of Vehicles application client.
Here, intelligent terminals include in-vehicle terminals, roadside terminals, users' mobile terminals and other kinds of intelligent terminals, and Internet of Vehicles applications include applications with functions such as transportation, communication, finance and social interaction. The vehicle identity authentication device may be issued to each vehicle by an authoritative body; it is an independent trusted terminal that can communicate with the vehicle identity authentication server, has cryptographic operation and authentication functions, and may as needed also have input device, output device and biometric recognition functions. The vehicle identity authentication server may be operated and managed by an authoritative body.
The method comprises a registration phase and an authentication phase:
Registration phase
The information of the application server is registered in the vehicle identity authentication server; the vehicle identity information is registered in the vehicle identity authentication device; the information of the vehicle identity authentication device is bound to the vehicle identity information, and the bound information is registered in the vehicle identity authentication server; the vehicle identity authentication device is placed in the corresponding vehicle;
According to a specific embodiment of the present invention, the vehicle identity information comprises one or more of a license plate number, a vehicle identification number and an engine number. The vehicle identity information may also be another kind of vehicle identity identifier, such as a vehicle identity identifier held in a chip attached to the vehicle body. The vehicle identity information corresponds to the vehicle and is unique.
The information of the application server includes the identifier of the application server, the communication mode between the application server and the vehicle identity authentication server, and so on.
The information of the vehicle identity authentication device includes the identifier of the vehicle identity authentication device and/or the communication mode between the vehicle identity authentication device and the vehicle identity authentication server, the encryption and decryption keys, and so on.
Authentication phase
As shown in Fig. 1, the authentication phase comprises the following steps:
S1. The Internet of Vehicles application client on the intelligent terminal sends a first authentication request to the application server, where the first authentication request contains the vehicle identity information.
The request may originate with the user starting the Internet of Vehicles application client on an in-vehicle intelligent terminal or a mobile intelligent terminal, or with a roadside intelligent terminal recognizing the vehicle identity information and supplying it to the Internet of Vehicles application client; the Internet of Vehicles application client then sends the first authentication request to its corresponding application server. The first authentication request contains the vehicle identity information and may also contain the initiator information of the authentication request, the purpose of the request, and so on.
For example, when a vehicle passes a checkpoint on a highway, or a parking lot, gas station, service station, drive-through restaurant or other place where consumption and charging are based on the vehicle, the roadside intelligent terminal recognizes the license plate number or other vehicle identity information, and the Internet of Vehicles application client on the roadside intelligent terminal initiates an authentication request so that, after successful authentication, the fee can be deducted from an account associated with the vehicle. In this case the first authentication request may also contain information such as the charge item and the amount, for the user to confirm. As another example, the user may reserve a service, use an Internet of Vehicles service or communicate with other vehicles through the application client on the in-vehicle intelligent terminal, in which case the authentication request is initiated by the application client on the in-vehicle intelligent terminal. The user may also remotely control his or her own vehicle through a mobile intelligent terminal, in which case the authentication request is initiated by the application client on the mobile intelligent terminal.
S2. The application server receives the first authentication request and checks it; if the check passes, the application server generates a second authentication request from the first authentication request, where the second authentication request contains the vehicle identity information, signs the second authentication request with its signature private key and sends it to the vehicle identity authentication server, after which step S3 is performed; if the check fails, the application server generates first feedback information containing a message that the first authentication request failed the check, sends it to the Internet of Vehicles application client, and step S7 is performed.
The application server checks the received first authentication request, including checking its validity and legitimacy. If the check passes, the application server generates the second authentication request from the first authentication request; the second authentication request carries the authentication request content of the first authentication request, such as the vehicle identity information and the initiator information of the authentication request.
According to a specific embodiment of the present invention, a list of valid vehicle identity information is stored in the application server, and the check that the application server performs on the first authentication request in step S2 is to check whether the vehicle identity information in the first authentication request is in the list of valid vehicle identity information: if it is not in the list, the check fails; if it is in the list, the check passes.
S3. The vehicle identity authentication server receives the second authentication request and verifies the signature on the second authentication request using the verification public key of the application server; if the verification succeeds, the vehicle identity authentication server generates a third authentication request from the second authentication request, encrypts it and sends it to the vehicle identity authentication device bound to the vehicle identity information, after which step S4 is performed; if the verification fails, the vehicle identity authentication server generates second feedback information containing a message that verification of the second authentication request failed, signs it with the signature private key of the vehicle identity authentication server, sends it to the application server, and step S6 is performed;
The third authentication request that the vehicle identity authentication server generates from the second authentication request carries the authentication request content of the second authentication request, such as the vehicle identity information and the initiator information of the authentication request.
S4. The vehicle identity authentication device receives the third authentication request ciphertext, decrypts it and performs authentication; if the authentication succeeds, it generates third feedback information containing a message that the vehicle identity authentication succeeded, and if the authentication fails, it generates third feedback information containing a message that the vehicle identity authentication failed; the vehicle identity authentication device encrypts the third feedback information and sends it to the vehicle identity authentication server;
According to a specific embodiment of the present invention, authentication rules are preset in the vehicle identity authentication device; in step S4, performing authentication comprises the vehicle identity authentication device determining, according to the preset authentication rules, whether the authentication succeeds. The authentication rules may be preset when the vehicle identity authentication device is provided, and the user may also modify or set the authentication rules at any time. For example, when the vehicle identity authentication device receives an authentication request originating from a certain application for the first time, the user may set an authentication rule that passes or rejects authentication requests from that application.
According to a specific embodiment of the present invention, the third authentication request contains the vehicle identity information, and the preset authentication rules include whether the vehicle identity information in the third authentication request is consistent with the vehicle identity information corresponding to the vehicle identity authentication device. In step S4, performing authentication comprises the vehicle identity authentication device verifying whether the vehicle identity information in the third authentication request is consistent with the vehicle identity information corresponding to the vehicle identity authentication device: if it is not consistent, the authentication fails; if it is consistent and the other authentication rules also pass, the authentication succeeds.
According to a specific embodiment of the present invention, the authentication in step S4 further includes the user confirming the third authentication request, with the following specific steps:
After the vehicle identity authentication device determines that the authentication succeeds, it prompts the user to confirm the information of the third authentication request; after the user performs the confirmation operation, the vehicle identity authentication device generates third feedback information containing a message that the vehicle identity authentication succeeded; if the authentication fails or the user does not confirm the information of the third authentication request, the vehicle identity authentication device generates third feedback information containing a message that the vehicle identity authentication failed; the vehicle identity authentication device encrypts the third feedback information and sends it to the vehicle identity authentication server.
Since user confirmation is required, the vehicle identity authentication device usually also needs an output module or display module, so that the information to be confirmed can be displayed, or the user can be prompted to confirm by a voice prompt or similar means. The user's confirmation can take many forms, for example confirming by pressing a key or confirming by voice.
Further, in the registration phase, user information may also be registered in the vehicle identity authentication device and a user identity verification mode set; when the user performs the confirmation operation in step S4, the identity is first verified according to the user identity verification mode, and the confirmation is performed only after the identity verification passes.
Optionally, the user identity verification mode includes verifying identity by the user entering a preset password and/or by biometric recognition. Biometric recognition includes face recognition, fingerprint recognition, iris recognition and/or voiceprint recognition, for which the vehicle identity authentication device needs to be provided with the corresponding acquisition modules, such as a fingerprint reader, camera or sound recording device, and recognition modules. For verification by entering a preset password, the vehicle identity authentication device needs an input module.
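The device-side decision of step S4, as an added example written for this page and not the patent's own code. It models the rules the specification describes: the identity in the third authentication request must match the bound vehicle; a per-application allow/deny rule that the user sets when that application's first request arrives and may change later; and user confirmation gated by identity verification (a preset password here; a biometric check would plug in at the same point). The `UserAtDevice` class stands in for the device's input and output modules, the application identifiers, requests and password are constructed, and the limit on wrong password entries is an addition of this example, not something the specification states.

```python
# Added example for this page (not the patent's implementation): the step S4
# decision made by the vehicle identity authentication device. Identifiers,
# requests and the password are constructed; the password retry limit is an
# addition of this example.
import hashlib
import hmac
import secrets


class UserAtDevice:
    """Stand-in for the device's input/output modules: what the user answers."""

    def __init__(self, password, first_contact_allow=True, confirms=True):
        self.password = password
        self.first_contact_allow = first_contact_allow
        self.confirms = confirms

    def decide_first_contact(self, app_id):   # asked once per new application
        return self.first_contact_allow

    def enter_password(self):                 # input module
        return self.password

    def confirm(self, request):               # output module shows request, user confirms
        return self.confirms


class VehicleIdDevice:
    MAX_PASSWORD_ATTEMPTS = 3  # added safeguard, not from the specification

    def __init__(self, vehicle_id, password):
        self.vehicle_id = vehicle_id          # registered in the registration phase
        self.salt = secrets.token_bytes(16)
        self.pw_hash = self._hash(password)   # user information registered at the same time
        self.app_rules = {}                   # app_id -> "allow" | "deny", set by the user
        self.failed_attempts = 0

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def set_rule(self, app_id, rule):
        """The user may change a rule at any time."""
        if rule not in ("allow", "deny"):
            raise ValueError("rule must be 'allow' or 'deny'")
        self.app_rules[app_id] = rule

    def verify_user(self, password):
        if self.failed_attempts >= self.MAX_PASSWORD_ATTEMPTS:
            return False                      # locked: even the right password is refused
        if hmac.compare_digest(self._hash(password), self.pw_hash):
            self.failed_attempts = 0
            return True
        self.failed_attempts += 1
        return False

    def authenticate(self, third_request, user):
        """Return (success, reason) for an already decrypted third authentication request."""
        if third_request["vehicle_id"] != self.vehicle_id:
            return False, "vehicle identity does not match the bound vehicle"
        app_id = third_request["initiator"]
        if app_id not in self.app_rules:      # first request from this application
            self.app_rules[app_id] = "allow" if user.decide_first_contact(app_id) else "deny"
        if self.app_rules[app_id] == "deny":
            return False, "requests from this application are rejected by rule"
        if not self.verify_user(user.enter_password()):
            return False, "user identity verification failed"
        if not user.confirm(third_request):
            return False, "user did not confirm the request"
        return True, "vehicle identity authentication succeeded"
```

The checks are ordered cheapest and least interactive first: the identity comparison and the stored rule need no user interaction, so a request for the wrong vehicle or from a denied application is rejected before the user is asked for anything. The reason string is what the device would put into the third feedback information; the server and application server only need the success or failure result.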
S5. The vehicle identity authentication server receives the third feedback information ciphertext, decrypts it, generates second feedback information from the third feedback information, signs it with the signature private key of the vehicle identity authentication server and sends it to the application server.
S6. The application server receives the second feedback information and verifies the signature on the second feedback information using the verification public key of the vehicle identity authentication server; if the verification succeeds, it generates first feedback information from the second feedback information; if the verification fails, it generates first feedback information containing a message that verification of the second feedback information failed; the application server sends the first feedback information to the Internet of Vehicles application client.
S7. The Internet of Vehicles application client receives the first feedback information, and this authentication process ends.
In steps S2, S3, S5 and S6, signing and signature verification use a public-key digital signature algorithm, such as RSA, DSA, ECDSA, ElGamal, Fiat-Shamir, Guillou-Quisquater, Schnorr, Ong-Schnorr-Shamir, an elliptic curve digital signature algorithm or a finite automaton digital signature algorithm. The vehicle identity authentication server and the application server each have a signature key pair; each party signs with its own signature private key, and the other party verifies the signature with the signer's verification public key. The signature key pairs may be generated by the vehicle identity authentication server or by an authoritative institution. The signature binds the request content to the signer, so a request altered in transit fails verification; on its own it does not stop an intercepted request from being resent, so the signed content should carry a per-request element such as a nonce or timestamp.
Preferably, registering the information of the application server in the vehicle identity authentication server comprises: registering the information of the application server in the vehicle identity authentication server; storing the verification public key of the application server in the vehicle identity authentication server, and securely storing the signature private key of the application server in the application server; storing the verification public key of the vehicle identity authentication server in the application server, and securely storing the signature private key of the vehicle identity authentication server in the vehicle identity authentication server.
For the encryption and decryption in steps S3, S4 and S5, the encryption algorithm may be a symmetric encryption algorithm such as DES, 3DES (Triple DES), AES, RC2, RC4, RC5, Blowfish or the Chinese national commercial cryptographic algorithms SM1, SM4 and SM7, in which case the communication content is encrypted and decrypted with a session key; an asymmetric encryption algorithm such as RSA, ElGamal, a knapsack algorithm, Rabin, Diffie-Hellman or an elliptic curve encryption algorithm may also be used, in which case the session key is encrypted and decrypted with a public/private key pair. Of the symmetric algorithms listed, DES, RC2 and RC4 are deprecated and should not be chosen for a new deployment; an authenticated encryption mode (for example AES-GCM, or SM4 combined with a message authentication code) is current practice, so that a tampered ciphertext is rejected rather than decrypted into garbage.
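The exchange of steps S2 to S6 carried through end to end, as an added example written for this page and not the patent's own code. It checks each hop the way the specification requires: the application server filters against its valid-vehicle list, the vehicle identity authentication server verifies the application server's signature before acting, the device compares the requested identity with its bound one and asks the user, and the application server verifies the authentication server's signature on the feedback. Two stand-ins are assumed because the Python standard library has no public-key primitives: the public-key signatures listed above are replaced by HMAC-SHA256 under a per-party key (so signing and verifying share one key), and the server-to-device hop uses the embodiment in which both sides hold a pre-provisioned session key, with an encrypt-then-MAC construction (HMAC-SHA256 keystream plus HMAC-SHA256 tag) in place of AES or SM4. The keys, vehicle identifiers, the `request_id` field and every message are constructed.

```python
# Added example written for this page, not the patent's code: one pass through
# steps S2 to S6 with each hop checked as the specification requires.
# Stand-ins (the standard library has no public-key primitives): the public-key
# signatures the text lists are replaced by HMAC-SHA256 under a per-party key;
# the auth-server <-> device hop uses the embodiment where both hold a
# pre-provisioned session key, with encrypt-then-MAC (HMAC-SHA256 keystream
# plus HMAC-SHA256 tag) standing in for AES/SM4. All keys, identifiers,
# the request_id field and the messages are constructed.
import hashlib, hmac, json, secrets

def mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def mac_ok(key, msg, tag):
    return hmac.compare_digest(mac(key, msg), tag)

def _subkey(session_key, label):  # separate keystream and tag keys from one session key
    return hashlib.sha256(label + session_key).digest()

def _keystream(key, nonce, n):
    return b"".join(mac(key, nonce + i.to_bytes(4, "big")) for i in range((n + 31) // 32))[:n]

def encrypt(session_key, plaintext):
    nonce = secrets.token_bytes(16)
    ks = _keystream(_subkey(session_key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    return nonce + ct + mac(_subkey(session_key, b"mac"), nonce + ct)

def decrypt(session_key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not mac_ok(_subkey(session_key, b"mac"), nonce + ct, tag):
        raise ValueError("ciphertext rejected: tag mismatch")  # tampered or wrong key
    return bytes(c ^ k for c, k in zip(ct, _keystream(_subkey(session_key, b"enc"), nonce, len(ct))))

def pack(obj):
    return json.dumps(obj, sort_keys=True).encode()

def unpack(raw):
    return json.loads(raw.decode())

class VehicleIdDevice:
    """Bound to one vehicle at registration; performs step S4."""
    def __init__(self, vehicle_id, session_key, user_confirms):
        self.vehicle_id, self.key, self.user_confirms = vehicle_id, session_key, user_confirms

    def handle_third_request(self, ciphertext):
        req = unpack(decrypt(self.key, ciphertext))
        # Preset rule: requested identity must equal the bound one; then the user confirms.
        ok = req["vehicle_id"] == self.vehicle_id and self.user_confirms(req)
        return encrypt(self.key, pack({"request_id": req["request_id"],
                                       "result": "success" if ok else "failure"}))

class AuthServer:
    """Vehicle identity authentication server; performs steps S3 and S5."""
    def __init__(self, sig_key, app_verify_key, bindings):
        self.sig_key, self.app_verify_key = sig_key, app_verify_key
        self.bindings = bindings  # vehicle_id -> (device, session_key), set at registration

    def _signed(self, feedback):
        raw = pack(feedback)
        return raw, mac(self.sig_key, raw)

    def handle_second_request(self, raw, sig):
        if not mac_ok(self.app_verify_key, raw, sig):  # S3: verify before acting on the request
            return self._signed({"result": "failure", "reason": "second request signature invalid"})
        req = unpack(raw)
        if req["vehicle_id"] not in self.bindings:
            return self._signed({"request_id": req["request_id"], "result": "failure",
                                 "reason": "no device bound to vehicle"})
        device, session_key = self.bindings[req["vehicle_id"]]
        third = {k: req[k] for k in ("vehicle_id", "initiator", "purpose", "request_id")}
        reply = unpack(decrypt(session_key, device.handle_third_request(encrypt(session_key, pack(third)))))
        if reply["request_id"] != req["request_id"]:  # S5: the reply must answer this request
            return self._signed({"request_id": req["request_id"], "result": "failure",
                                 "reason": "device reply does not match request"})
        return self._signed(reply)

class AppServer:
    """Application server; performs steps S2 and S6."""
    def __init__(self, sig_key, auth_verify_key, valid_vehicles, auth_server):
        self.sig_key, self.auth_verify_key = sig_key, auth_verify_key
        self.valid_vehicles, self.auth_server = valid_vehicles, auth_server

    def handle_first_request(self, first):
        if first["vehicle_id"] not in self.valid_vehicles:  # S2: check the valid-vehicle list
            return {"result": "failure", "reason": "first request check failed"}
        second = pack({**first, "request_id": secrets.token_hex(8)})
        raw, sig = self.auth_server.handle_second_request(second, mac(self.sig_key, second))
        if not mac_ok(self.auth_verify_key, raw, sig):  # S6: verify the auth server's signature
            return {"result": "failure", "reason": "second feedback signature invalid"}
        return unpack(raw)

APP_SIG_KEY = b"constructed app-server signing key"
AUTH_SIG_KEY = b"constructed auth-server signing key"
SESSION_KEY = b"constructed pre-shared session key"

def run(vehicle_id, user_confirms=True, app_sig_key=APP_SIG_KEY):
    # Build one constructed deployment and push a first authentication request through it.
    device = VehicleIdDevice("PLATE-A12345", SESSION_KEY, lambda req: user_confirms)
    auth = AuthServer(AUTH_SIG_KEY, APP_SIG_KEY, {"PLATE-A12345": (device, SESSION_KEY)})
    app = AppServer(app_sig_key, AUTH_SIG_KEY, {"PLATE-A12345", "PLATE-B67890"}, auth)
    return app.handle_first_request({"vehicle_id": vehicle_id, "initiator": "toll-gate-07", "purpose": "toll"})
```

`run("PLATE-A12345")` returns the first feedback information for the happy path; `run("PLATE-C00000")` is stopped at step S2, `run("PLATE-A12345", app_sig_key=b"forged")` is stopped at step S3 and the failure still comes back signed by the authentication server, and `run("PLATE-A12345", user_confirms=False)` is refused by the device. The `request_id` echoed by the device is the per-request element that lets the authentication server tie a decrypted reply to the request it sent; a deployment using the public-key embodiments would keep the same message flow and replace only `mac`, `encrypt` and `decrypt`.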
Binding the information of the vehicle identity authentication device to the vehicle identity information in the registration phase, and registering the bound information in the vehicle identity authentication server, comprises: storing the information of the vehicle identity authentication device and the vehicle identity information in the vehicle identity authentication server in one-to-one correspondence; storing the encryption public key of the vehicle identity authentication device in the vehicle identity authentication server, and securely storing the decryption private key of the vehicle identity authentication device in the vehicle identity authentication device.
Either of the following two specific embodiments may be used in the authentication phase. The first specific embodiment is as follows:
(1) In step S3, the vehicle identity authentication server generating the third authentication request from the second authentication request, encrypting it and sending it to the vehicle identity authentication device bound to the vehicle identity information comprises: the vehicle identity authentication server generates the content of the third authentication request from the content of the second authentication request; the vehicle identity authentication server generates a session key, encrypts the content of the third authentication request with the session key, then encrypts the session key with the encryption public key of the vehicle identity authentication device bound to the vehicle identity information, and sends the encrypted session key together with the ciphertext of the third authentication request content to the vehicle identity authentication device;
(2) In step S4, the vehicle identity authentication device receiving the third authentication request ciphertext and performing authentication after decryption comprises: the vehicle identity authentication device receives the third authentication request ciphertext, decrypts the session key ciphertext with its own decryption private key, decrypts the ciphertext of the third authentication request content with the recovered session key, and then performs authentication; the vehicle identity authentication device encrypting the third feedback information and sending it to the vehicle identity authentication server comprises: the vehicle identity authentication device encrypts the third feedback information with the session key and sends it to the vehicle identity authentication server;
(3) In step S5, the vehicle identity authentication server receiving the third feedback information ciphertext and generating the second feedback information from the third feedback information after decryption comprises: the vehicle identity authentication server receives the third feedback information ciphertext, decrypts it with the session key, and generates the second feedback information from the third feedback information.
The second specific embodiment is as follows:
(1) In step S3, the vehicle identity authentication server generating the third authentication request from the second authentication request, encrypting it and sending it to the vehicle identity authentication device bound to the vehicle identity information comprises: the vehicle identity authentication server generates the content of the third authentication request from the content of the second authentication request; the vehicle identity authentication device generates an authentication request inquiry message and generates a session key, encrypts the content of the authentication request inquiry message with the session key, then encrypts the session key with the encryption public key of the vehicle identity authentication device, and sends the encrypted session key together with the authentication request inquiry message ciphertext to the vehicle identity authentication server; the vehicle identity authentication server receives the authentication request inquiry message ciphertext, decrypts the session key ciphertext with its own decryption private key, decrypts the authentication request inquiry message ciphertext with the recovered session key, checks the decrypted authentication request inquiry message, and if the check passes, encrypts the third authentication request with the session key and sends it to the vehicle identity authentication device;
(2) In step S4, the vehicle identity authentication device receiving the third authentication request ciphertext and performing authentication after decryption comprises: the vehicle identity authentication device receives the third authentication request ciphertext, decrypts it with the session key, and then performs authentication; the vehicle identity authentication device encrypting the third feedback information and sending it to the vehicle identity authentication server comprises: the vehicle identity authentication device encrypts the third feedback information with the session key and sends it to the vehicle identity authentication server;
(3) In step S5, the vehicle identity authentication server receiving the third feedback information ciphertext and generating the second feedback information from the third feedback information after decryption comprises: the vehicle identity authentication server receives the third feedback information ciphertext, decrypts it with the session key, and generates the second feedback information from the third feedback information.
According to another embodiment of the present invention, a session key may also be securely stored directly on both sides and used to encrypt and decrypt the communication content; in this embodiment, binding the information of the vehicle identity authentication device to the vehicle identity information in the registration phase, and registering the bound information in the vehicle identity authentication server, comprises: storing the information of the vehicle identity authentication device and the vehicle identity information in the vehicle identity authentication server in one-to-one correspondence; securely storing a session key shared between the vehicle identity authentication server and the vehicle identity authentication device in the vehicle identity authentication server and in the vehicle identity authentication device respectively, where the session key is used to encrypt and decrypt the communication content between the vehicle identity authentication server and the vehicle identity authentication device, providing confidential communication.
Preferably, the application server comprises a first security module for generating and/or storing keys and performing cryptographic operations; the vehicle identity authentication server comprises a second security module for generating and/or storing keys, storing the bound vehicle identity authentication device information and vehicle identity information, and performing cryptographic operations; the vehicle identity authentication device comprises a third security module for generating and/or storing keys, storing the vehicle identity information bound to the vehicle identity authentication device, and performing cryptographic operations. A security module may be a hardware security module or a software security module; a hardware security module provides higher security. Preferably, the first security module, the second security module and the third security module are each provided with a secure chip having secure storage and cryptographic operation functions.
Embodiment 2
Based on the same inventive concept as the above method, another embodiment of the present invention further provides an Internet of Vehicles identity authentication system, as shown in Figure 2. The system comprises a smart terminal, an application server, a vehicle identity authentication server and a vehicle identity authentication device; the smart terminal is communicatively connected with the application server, the application server is communicatively connected with the vehicle identity authentication server, and the vehicle identity authentication server is communicatively connected with the vehicle identity authentication device;
The information of the application server is registered in the vehicle identity authentication server; the vehicle identity information is registered in the vehicle identity authentication device; the information of the vehicle identity authentication device is bound with the vehicle identity information, and the bound information is registered in the vehicle identity authentication server; the vehicle identity authentication device is installed in the corresponding vehicle;
The smart terminal has an Internet of Vehicles application client; the Internet of Vehicles application client sends the first authentication request to the application server and receives the first feedback information sent by the application server, wherein the first authentication request includes the vehicle identity information;
The application server comprises a first security module, in which the signing private key of the application server and the verification public key of the vehicle identity authentication server are stored;
When the application server receives the first authentication request sent by the Internet of Vehicles application client, it checks the first authentication request; if the check passes, it generates the second authentication request from the first authentication request, signs it with the signing private key of the application server through the first security module, and then sends it to the vehicle identity authentication server; if the check fails, it generates first feedback information containing a message that the first authentication request failed the check and sends it to the Internet of Vehicles application client;
When the application server receives the second feedback information sent by the vehicle identity authentication server, it verifies the signature of the second feedback information through the first security module using the verification public key of the vehicle identity authentication server; if the verification succeeds, it generates the first feedback information from the second feedback information; if the verification fails, it generates first feedback information containing a message that verification of the second feedback information failed; the application server then sends the first feedback information to the Internet of Vehicles application client;
The vehicle identity authentication server comprises a second security module, in which the signing private key of the vehicle identity authentication server and the verification public key of the application server are stored;
When the vehicle identity authentication server receives the second authentication request sent by the application server, it verifies the signature of the second authentication request through the second security module using the verification public key of the application server; if the verification passes, it generates the third authentication request from the second authentication request, encrypts it through the second security module, and sends it to the vehicle identity authentication device bound with the vehicle identity information; if the verification fails, it generates second feedback information containing a message that verification of the second authentication request failed, signs it with the signing private key of the vehicle identity authentication server through the second security module, and sends it to the application server;
When the vehicle identity authentication server receives the third feedback information ciphertext sent by the vehicle identity authentication device, it decrypts the third feedback information ciphertext through the second security module, generates the second feedback information from the third feedback information, signs the second feedback information with the signing private key of the vehicle identity authentication server through the second security module, and sends it to the application server;
The vehicle identity authentication device comprises a third security module. When the vehicle identity authentication device receives the third authentication request ciphertext sent by the vehicle identity authentication server, it decrypts the third authentication request ciphertext through the third security module, performs authentication, and generates the third feedback information according to the authentication result; the vehicle identity authentication device encrypts the third feedback information through the third security module and then sends it to the vehicle identity authentication server.
In a specific embodiment according to the present invention, the second security module and the third security module each hold the session key shared between the vehicle identity authentication server and the vehicle identity authentication device; the vehicle identity authentication server and the vehicle identity authentication device communicate confidentially using this session key.
According to another embodiment of the present invention, the third security module holds the decryption private key of the vehicle identity authentication device and the second security module holds the encryption public key of the vehicle identity authentication device. The vehicle identity authentication server generates a session key through the second security module, encrypts the session key with the encryption public key of the vehicle identity authentication device and sends it to the vehicle identity authentication device; the vehicle identity authentication device decrypts the session key ciphertext through the third security module using its decryption private key and obtains the session key; the vehicle identity authentication server and the vehicle identity authentication device then communicate confidentially using the session key.
Optionally, the vehicle identity authentication device further comprises an output module and an input module; the output module is used to output the information of the third authentication request and/or to prompt the user to confirm, and the user performs the confirmation operation through the input module. Optionally, the vehicle identity authentication device further comprises a user authentication module; the user verifies their identity through the user authentication module by entering a preset password and/or by biometric recognition, and then performs the confirmation operation through the input module.
The step labels above do not represent a sequential order; those skilled in the art can change the order without departing from the protection scope of the present invention. The above content merely illustrates the technical idea of the present invention and does not limit its protection scope; any change made to the technical scheme on the basis of the technical idea provided by the present invention falls within the protection scope of the claims of the present invention.

Claims (10)

1. An Internet of Vehicles identity authentication method, characterized in that the method is based on a system composed of an application server, a vehicle identity authentication server, a vehicle identity authentication device and a smart terminal with an Internet of Vehicles application client, and the method comprises a registration phase and an authentication phase:
Registration phase
The information of the application server is registered in the vehicle identity authentication server; the vehicle identity information is registered in the vehicle identity authentication device; the information of the vehicle identity authentication device is bound with the vehicle identity information, and the bound information is registered in the vehicle identity authentication server; the vehicle identity authentication device is installed in the corresponding vehicle;
Authentication phase
S1: the Internet of Vehicles application client on the smart terminal sends a first authentication request to the application server, wherein the first authentication request includes the vehicle identity information;
S2: the application server receives the first authentication request and checks it; if the check passes, the application server generates a second authentication request from the first authentication request, wherein the second authentication request includes the vehicle identity information, signs the second authentication request with its signing private key, sends it to the vehicle identity authentication server, and proceeds to step S3; if the check fails, the application server generates first feedback information containing a message that the first authentication request failed the check, sends it to the Internet of Vehicles application client, and proceeds to step S7;
S3: the vehicle identity authentication server receives the second authentication request and verifies its signature using the verification public key of the application server; if the verification succeeds, the vehicle identity authentication server generates a third authentication request from the second authentication request, encrypts it, sends it to the vehicle identity authentication device bound with the vehicle identity information, and proceeds to step S4; if the verification fails, the vehicle identity authentication server generates second feedback information containing a message that verification of the second authentication request failed, signs it with the signing private key of the vehicle identity authentication server, sends it to the application server, and proceeds to step S6;
S4: the vehicle identity authentication device receives the third authentication request ciphertext, decrypts it and performs authentication; if the authentication succeeds, it generates third feedback information containing a message that vehicle identity authentication succeeded; if the authentication fails, it generates third feedback information containing a message that vehicle identity authentication failed; the vehicle identity authentication device encrypts the third feedback information and sends it to the vehicle identity authentication server;
S5: the vehicle identity authentication server receives the third feedback information ciphertext, decrypts it, generates second feedback information from the third feedback information, signs it with the signing private key of the vehicle identity authentication server, and sends it to the application server;
S6: the application server receives the second feedback information and verifies its signature using the verification public key of the vehicle identity authentication server; if the verification succeeds, it generates first feedback information from the second feedback information; if the verification fails, it generates first feedback information containing a message that verification of the second feedback information failed; the application server sends the first feedback information to the Internet of Vehicles application client;
S7: the Internet of Vehicles application client receives the first feedback information, and this authentication process ends.
2. The Internet of Vehicles identity authentication method according to claim 1, characterized in that the authentication in step S4 further includes a step in which the user confirms the third authentication request:
After the vehicle identity authentication device determines that authentication succeeded, the user is prompted to confirm the information of the third authentication request; after the user performs the confirmation operation, the vehicle identity authentication device generates third feedback information containing a message that vehicle identity authentication succeeded; if authentication fails or the user does not confirm the information of the third authentication request, the vehicle identity authentication device generates third feedback information containing a message that vehicle identity authentication failed.
3. The Internet of Vehicles identity authentication method according to claim 2, characterized in that, in the registration phase, user information is registered in the vehicle identity authentication device and a user identity verification mode is set; when the user performs the confirmation operation in step S4, the user's identity is first verified according to the user identity verification mode, and the confirmation is performed only after the identity verification passes.
4. The Internet of Vehicles identity authentication method according to claim 1, characterized in that binding the information of the vehicle identity authentication device with the vehicle identity information in the registration phase and registering the bound information in the vehicle identity authentication server comprises: storing the information of the vehicle identity authentication device and the vehicle identity information in the vehicle identity authentication server in one-to-one correspondence; storing the encryption public key of the vehicle identity authentication device in the vehicle identity authentication server; and storing the decryption private key of the vehicle identity authentication device securely in the vehicle identity authentication device.
5. The Internet of Vehicles identity authentication method according to claim 4, characterized in that, in step S3, the vehicle identity authentication server generating the third authentication request from the second authentication request, encrypting it and sending it to the vehicle identity authentication device bound with the vehicle identity information comprises:
The vehicle identity authentication server generates the content of the third authentication request from the content of the second authentication request; the vehicle identity authentication server generates a session key, encrypts the content of the third authentication request with the session key, then encrypts the session key with the encryption public key of the vehicle identity authentication device bound with the vehicle identity information, and sends it to the vehicle identity authentication device together with the ciphertext of the third authentication request content;
In step S4, the vehicle identity authentication device receiving the third authentication request ciphertext, decrypting it and performing authentication comprises: the vehicle identity authentication device receives the third authentication request ciphertext, decrypts the session key ciphertext with its own decryption private key, then decrypts the ciphertext of the third authentication request content with the obtained session key, and then performs authentication; the vehicle identity authentication device encrypting the third feedback information and sending it to the vehicle identity authentication server comprises: the vehicle identity authentication device encrypts the third feedback information with the session key and sends it to the vehicle identity authentication server;
In step S5, the vehicle identity authentication server receiving the third feedback information ciphertext, decrypting it and generating the second feedback information from the third feedback information comprises: the vehicle identity authentication server receives the third feedback information ciphertext, decrypts it with the session key, and generates the second feedback information from the third feedback information.
6. The Internet of Vehicles identity authentication method according to claim 4, characterized in that, in step S3, the vehicle identity authentication server generating the third authentication request from the second authentication request, encrypting it and sending it to the vehicle identity authentication device bound with the vehicle identity information comprises:
The vehicle identity authentication server generates the content of the third authentication request from the content of the second authentication request; the vehicle identity authentication device generates an authentication request query message and a session key, encrypts the content of the authentication request query message with the session key, then encrypts the session key with the encryption public key of the vehicle identity authentication device, and sends it to the vehicle identity authentication server together with the authentication request query message ciphertext; the vehicle identity authentication server receives the authentication request query message ciphertext, decrypts the session key ciphertext with its own decryption private key, then decrypts the authentication request query message ciphertext with the obtained session key, checks the decrypted authentication request query message, and if the check passes encrypts the third authentication request with the session key and sends it to the vehicle identity authentication device;
In step S4, the vehicle identity authentication device receiving the third authentication request ciphertext, decrypting it and performing authentication comprises: the vehicle identity authentication device receives the third authentication request ciphertext, decrypts it with the session key, and then performs authentication; the vehicle identity authentication device encrypting the third feedback information and sending it to the vehicle identity authentication server comprises: the vehicle identity authentication device encrypts the third feedback information with the session key and sends it to the vehicle identity authentication server;
In step S5, the vehicle identity authentication server receiving the third feedback information ciphertext, decrypting it and generating the second feedback information from the third feedback information comprises: the vehicle identity authentication server receives the third feedback information ciphertext, decrypts it with the session key, and generates the second feedback information from the third feedback information.
7. The Internet of Vehicles identity authentication method according to claim 1, characterized in that binding the information of the vehicle identity authentication device with the vehicle identity information in the registration phase and registering the bound information in the vehicle identity authentication server comprises: storing the information of the vehicle identity authentication device and the vehicle identity information in the vehicle identity authentication server in one-to-one correspondence; and storing the session key shared between the vehicle identity authentication server and the vehicle identity authentication device securely in each of the vehicle identity authentication server and the vehicle identity authentication device, wherein the session key is used to encrypt and decrypt the communication content between the vehicle identity authentication server and the vehicle identity authentication device, realizing confidential communication.
8. An Internet of Vehicles identity authentication system, characterized in that it comprises a smart terminal, an application server, a vehicle identity authentication server and a vehicle identity authentication device; the smart terminal is communicatively connected with the application server, the application server is communicatively connected with the vehicle identity authentication server, and the vehicle identity authentication server is communicatively connected with the vehicle identity authentication device;
The information of the application server is registered in the vehicle identity authentication server; the vehicle identity information is registered in the vehicle identity authentication device; the information of the vehicle identity authentication device is bound with the vehicle identity information, and the bound information is registered in the vehicle identity authentication server; the vehicle identity authentication device is installed in the corresponding vehicle;
The smart terminal has an Internet of Vehicles application client; the Internet of Vehicles application client sends the first authentication request to the application server and receives the first feedback information sent by the application server, wherein the first authentication request includes the vehicle identity information;
The application server comprises a first security module, in which the signing private key of the application server and the verification public key of the vehicle identity authentication server are stored;
When the application server receives the first authentication request sent by the Internet of Vehicles application client, it checks the first authentication request; if the check passes, it generates the second authentication request from the first authentication request, signs it with the signing private key of the application server through the first security module, and then sends it to the vehicle identity authentication server; if the check fails, it generates first feedback information containing a message that the first authentication request failed the check and sends it to the Internet of Vehicles application client;
When the application server receives the second feedback information sent by the vehicle identity authentication server, it verifies the signature of the second feedback information through the first security module using the verification public key of the vehicle identity authentication server; if the verification succeeds, it generates the first feedback information from the second feedback information; if the verification fails, it generates first feedback information containing a message that verification of the second feedback information failed; the application server then sends the first feedback information to the Internet of Vehicles application client;
The vehicle identity authentication server comprises a second security module, in which the signing private key of the vehicle identity authentication server and the verification public key of the application server are stored;
When the vehicle identity authentication server receives the second authentication request sent by the application server, it verifies the signature of the second authentication request through the second security module using the verification public key of the application server; if the verification passes, it generates the third authentication request from the second authentication request, encrypts it through the second security module, and sends it to the vehicle identity authentication device bound with the vehicle identity information; if the verification fails, it generates second feedback information containing a message that verification of the second authentication request failed, signs it with the signing private key of the vehicle identity authentication server through the second security module, and sends it to the application server;
When the vehicle identity authentication server receives the third feedback information ciphertext sent by the vehicle identity authentication device, it decrypts the third feedback information ciphertext through the second security module, generates the second feedback information from the third feedback information, signs the second feedback information with the signing private key of the vehicle identity authentication server through the second security module, and sends it to the application server;
The vehicle identity authentication device comprises a third security module. When the vehicle identity authentication device receives the third authentication request ciphertext sent by the vehicle identity authentication server, it decrypts the third authentication request ciphertext through the third security module, performs authentication, and generates the third feedback information according to the authentication result; the vehicle identity authentication device encrypts the third feedback information through the third security module and then sends it to the vehicle identity authentication server.
9. The Internet of Vehicles identity authentication system according to claim 8, characterized in that the vehicle identity authentication device further comprises an output module and an input module; the output module is used to output the information of the third authentication request and/or to prompt the user to confirm; the user performs the confirmation operation through the input module.
10. The Internet of Vehicles identity authentication system according to claim 9, characterized in that the vehicle identity authentication device further comprises a user authentication module; the user verifies their identity through the user authentication module by entering a preset password and/or by biometric recognition, and then performs the confirmation operation through the input module.
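The S3 to S5 leg of claim 5 (the same third-request handling appears in Embodiment 2 and claim 8), written out as an added Go example that is not code from the patent: the vehicle identity authentication server generates a session key, encrypts the third authentication request content under it, wraps the session key with the bound device's encryption public key, and the device unwraps the key, decrypts, authenticates against its registered vehicle identity, asks the user to confirm (claim 2) and returns the third feedback under the same key. The patent names no algorithms, so AES-256-GCM for the session cipher, RSA-OAEP for the key wrap, the "vehicleID|action" request content and the VIN-style identifiers are assumptions of this example; the application server's signature steps (S2, S3 verification, S6) are left out.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Wrapped is the third request ciphertext of claim 5 (session key under RSA-OAEP to the bound
// device's public key, request content under AES-GCM); Sealed is the third feedback ciphertext.
type Wrapped struct{ WrappedKey, Nonce, CT []byte }
type Sealed struct{ Nonce, CT []byte }
type AuthServer struct { // the vehicle identity authentication server's second security module
	devices  map[string]*rsa.PublicKey // registration: vehicle ID -> bound device encryption public key
	sessions map[string][]byte         // session key per vehicle, held from S3 until S5
}
type Device struct { // the vehicle identity authentication device's third security module
	VehicleID string            // vehicle identity information registered on the device
	decKey    *rsa.PrivateKey   // decryption private key; never leaves the device
	Confirm   func(string) bool // user confirmation through the input module (claim 2)
}

// Register is the binding step of the registration phase, with constructed key material.
func Register(vehicleID string, confirm func(string) bool) (*AuthServer, *Device) {
	devKey, _ := rsa.GenerateKey(rand.Reader, 2048) // fails only if crypto/rand does
	srv := &AuthServer{map[string]*rsa.PublicKey{vehicleID: &devKey.PublicKey}, map[string][]byte{}}
	return srv, &Device{vehicleID, devKey, confirm}
}
// aead returns AES-256-GCM; every key reaching it is 32 bytes, so neither constructor can fail.
func aead(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(block)
	return g
}
func seal(key, pt []byte) Sealed { // encrypt pt under the session key with a fresh random nonce
	g := aead(key)
	nonce := make([]byte, g.NonceSize())
	rand.Read(nonce)
	return Sealed{nonce, g.Seal(nil, nonce, pt, nil)}
}
// Step3 (S3, claim 5): generate a session key, encrypt the third request content under it
// (assumed form "vehicleID|action"), and wrap the key with the bound device's public key.
func (s *AuthServer) Step3(vehicleID, action string) (Wrapped, error) {
	pub, ok := s.devices[vehicleID]
	if !ok {
		return Wrapped{}, errors.New("no device bound to vehicle " + vehicleID)
	}
	key := make([]byte, 32)
	rand.Read(key)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return Wrapped{}, err
	}
	s.sessions[vehicleID] = key
	body := seal(key, []byte(vehicleID+"|"+action))
	return Wrapped{wrapped, body.Nonce, body.CT}, nil
}
// Step4 (S4, device): unwrap the session key with the decryption private key, decrypt and check
// the request, ask the user to confirm, and return the third feedback under the same key.
func (d *Device) Step4(w Wrapped) (Sealed, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, d.decKey, w.WrappedKey, nil)
	if err != nil || len(key) != 32 {
		return Sealed{}, errors.New("session key unwrap failed")
	}
	content, err := aead(key).Open(nil, w.Nonce, w.CT, nil)
	if err != nil {
		return Sealed{}, err // tampered or mis-keyed ciphertext fails GCM authentication
	}
	vehicleID, action, _ := bytes.Cut(content, []byte("|"))
	result := "vehicle identity authentication failed"
	if string(vehicleID) == d.VehicleID && d.Confirm(string(action)) {
		result = "vehicle identity authentication succeeded"
	}
	return seal(key, []byte(result)), nil
}
// Step5 (S5, server): decrypt the third feedback, then discard the single-use session key.
func (s *AuthServer) Step5(vehicleID string, fb Sealed) (string, error) {
	key, ok := s.sessions[vehicleID]
	delete(s.sessions, vehicleID)
	if !ok {
		return "", errors.New("no session for vehicle " + vehicleID)
	}
	msg, err := aead(key).Open(nil, fb.Nonce, fb.CT, nil)
	if err != nil {
		return "", err
	}
	return string(msg), nil
}
func main() { // stand-alone run of one S3-S5 leg with a user who confirms "unlock"
	srv, dev := Register("VIN-EXAMPLE-0001", func(a string) bool { return a == "unlock" })
	w, _ := srv.Step3("VIN-EXAMPLE-0001", "unlock")
	fb, _ := dev.Step4(w)
	fmt.Println(srv.Step5("VIN-EXAMPLE-0001", fb))
}
```

Note that the key wrap gives the device confidentiality but no proof of who generated the session key, which is one reason the user confirmation of claim 2 matters on the device side.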
CN201910648142.1A 2019-07-18 2019-07-18 Internet of vehicles identity authentication method and system Active CN110289958B (en)

Publications (2)

Publication Number Publication Date
CN110289958A true CN110289958A (en) 2019-09-27
CN110289958B CN110289958B (en) 2022-05-13

Family

ID=68023205
US8615663B2 (en) System and method for secure remote biometric authentication
CN109862040A (en) A kind of safety certifying method and Verification System
CN104767616B (en) A kind of information processing method, system and relevant device
CN107040513A (en) A kind of credible access registrar processing method, user terminal and service end
CN108809953A (en) A kind of method and device of the anonymous Identity certification based on block chain
CN106713279A (en) Video terminal identity authentication system
CN110322600B (en) Control method of electronic lock and electronic lock
CN104935441A (en) Authentication method and relevant devices and systems
CN106330838A (en) Dynamic signature method, client using the same and server
CN111539496A (en) Vehicle information two-dimensional code generation method, two-dimensional code license plate, authentication method and system
CN108809633A (en) A kind of identity authentication method, apparatus and system
CN109547503A (en) Biological feather recognition method
CN108400989B (en) Security authentication equipment, method and system for shared resource identity authentication
CN115296804B (en) Traffic accident evidence obtaining method based on blockchain
CN110166445A (en) A kind of the secret protection anonymous authentication and cryptographic key negotiation method of identity-based
CN103391194A (en) Method and system for unlocking safety equipment of user
CN103281188B (en) A kind of back up the method and system of private key in electronic signature token
CN116662950A (en) Identity authentication method and device based on blockchain
CN104065483B (en) Identity-based cryptograph (IBC) classified using method of electronic communication identities
CN116132986A (en) Data transmission method, electronic equipment and storage medium
CN113572612B (en) Private key distribution method for SM9 cryptographic algorithm, user terminal and key generation center

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: A Method and System for Identity Authentication in the Internet of Vehicles

Effective date of registration: 20230412

Granted publication date: 20220513

Pledgee: China Construction Bank Corporation Zhengzhou Jinshui sub branch

Pledgor: ZHENGZHOU XINDA JIEAN INFORMATION TECHNOLOGY Co.,Ltd.

Registration number: Y2023980037751